We just purchased some 310s.
We have setup Captive Portal for our Public WiFi network.
We found that when Captive Portal is enabled, public clients receive SSL browser warnings.
I understand that this is due to the fact that the Captive Portal is using a self-signed certificate.
Our Captive Portal page is just an "accept" page, no user credentials are exchanged.
Ideally, we would just disable HTTPS on the Captive Portal page. However, according to this forum post, https://community.arubanetworks.com/t5/Wireless-Access/Disable-HTTPS-on-Aruba-IAP-305-Captive-Portal/m-p/496913#M87648, there isn't a way to disable HTTPS on the Instant products.
So, I turn to installing a purchased certificate that browsers will 'accept.'
I found this post detailing how to install a certificate:
https://community.arubanetworks.com/t5/Controllerless-Networks/Virtual-Controller-Captive-Portal-SSL-Certificate-Options/td-p/283625
My question involves the installation of the certificate.
It sounds like I can create a CSR for a domain like public.ourdomain.com using a Windows PC. I can then purchase a certificate for public.ourdomain.com. Once I have converted the purchased certificate into a pem file, I can upload the pem file into the controller. This certificate will be shared across all APs. Once the purchased certificate is installed, public clients will load the public.ourdomain.com Captive Portal page without errors.
Is this accurate?
If so, do I need to setup any DNS entries for the public.ourdomain.com? Or add the public.ourdomain.com to the controller? Or will the controller automatically 'know' to use the new domain name when it brings up the captive portal page with the newly purchased certificate?
Thanks for your help.